
Senior IT Security GRC Specialist
Posted May 24

This is a fully remote position, open to applicants in Greece.
• Develop and execute a comprehensive GRC Strategy: Create, author, and implement a thorough GRC strategy that includes policies, procedures, and security requirements in alignment with industry best practices and regulatory standards.
• Deploy, uphold, and continuously enhance a proprietary control framework that meets the organization’s compliance requirements and needs.
• Assist in performing risk and control assessments, identifying, evaluating, and prioritizing potential threats and vulnerabilities.
• Craft and conceptualize original risk mitigation plans and corrective measures to effectively address risks.
• Collaborate with Product teams to ensure "Compliance-by-Design," providing necessary requirements and highlighting security risks during the initial stages of new features and enhancements.
• Ensure Compliance with Regulatory and Industry Standards: Stay informed about relevant laws, regulations, security frameworks, and industry standards (e.g., GDPR, ISO 27001, NIS2, SOC 2, etc.), and work towards achieving the organization’s compliance with them.
• Raise awareness of applicable laws and regulations among employees and upper management.
• Conduct regular audits and assessments to monitor compliance and identify areas for improvement.
• Actively participate in third-party audits, including leading them to support IT Security requirements.
• Support Business Processes: Conduct in-depth analysis and create technical responses for security questionnaires, translating complex internal security controls into tailored client-facing documentation.
• Review and provide expert analysis of security clauses in contracts, drafting customized security requirements for clients and suppliers.
• Engage in client meetings to address cybersecurity concerns and requirements, conduct and document security reviews of SaaS applications, producing original risk assessment reports and designing mitigation recommendations.
• Develop and maintain a Security Trust Center or similar customer-facing resources.
• Provide Strategic Guidance: Serve as a primary point of contact for senior management on GRC matters, and develop strategic advisory materials/models detailing the impact of GRC initiatives on business decisions.
• Cultivate and maintain strong relationships with key stakeholders across the organization.
• Ensure Functional Supervision: Provide expert guidance and alignment for the GRC team; act as a technical mentor and "quality gatekeeper" for key deliverables, including the security awareness program and third-party risk assessments.
• Deliver IT Security Reporting: Develop, support, and maintain key performance indicators (KPI) for the Security function. Gather, analyze, and report on security metrics and compliance status. Prepare and design customized presentations and reports for senior management on the IT Security program's status, including key risks, threats, and vulnerabilities.
• Implement AI-Powered GRC Operations: Lead the practical integration of Generative AI tools (LLMs, AI Agents) to automate evidence collection, draft security policies, and summarize regulatory changes, significantly enhancing team efficiency.
• Proficient in written and spoken English.
• Over 5 years of experience in GRC roles.
• Outstanding ability to build stakeholder relationships and translate technical risks into business impacts.
• Capable of aligning and guiding peers/junior staff through influence and technical authority, rather than formal people management.
• High level of autonomy and the ability to independently drive complex GRC projects from inception to completion.
• Deep understanding of GRC frameworks, methodologies, and best practices.
• Knowledge of relevant laws, regulations, and industry standards, with a willingness to explore other nationally led frameworks applicable to the organization.
• Hands-on experience in creating, maintaining, and enhancing compliance programs based on multiple standards or regulations (e.g., ISO 27001, SOC2, etc.).
• Practical experience utilizing AI to streamline compliance workflows and an understanding of the risks associated with AI adoption.
• Strong analytical and problem-solving skills, with the ability to assess risks and develop effective control measures.
• Ability to conduct research in unfamiliar areas and leverage that knowledge to provide security guidelines and propose improvements.
• Hands-on experience with Google Workspace is an advantage.
• Provision of all necessary office and IT equipment.
• Flexible working hours.
• Wellness allowance for mental and physical health.
• Access to professional mental health support.
• Referral bonus policy.
• Opportunities for learning and development.
• Participation in sustainability events and community involvement.
• Peer recognition program.
• Employee-led resource groups.
• Optional (fully covered or co-financed) healthcare and life insurance.
• Multisport card.
• Multikafeteria.
• Lunch card.
• Hybrid work organization.
• Remote work from abroad policy.
• Internet and electricity bill allowance.
• Additional day for community service when volunteering.